Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things

Johnson, C. W. , Evangelopoulou, M. and Pavlova, T. (2017) Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things. Proceedings 35th International System Safety Conference, Albuquerque, NM, USA, 21-25 Aug 2017.

[img]
Preview
Text
150357.pdf - Accepted Version

183kB

Abstract

Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior management uses these links to monitor production processes and inform strategic planning. The Industrial Internet of Things represents another step in this evolution – enabling the coordination of physically distributed resources from a centralized location. The growing range and sophistication of these interconnections create additional security concerns for the operation and management of safety-critical systems. This paper uses lessons learned from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North America.

Item Type:Conference or Workshop Item
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Evangelopoulou, Miss Maria and Pavlova, Miss Tanya and Johnson, Professor Chris
Authors: Johnson, C. W., Evangelopoulou, M., and Pavlova, T.
College/School:College of Science and Engineering > School of Computing Science
Copyright Holders:Copyright © 2017 The Authors
Publisher Policy:Reproduced with the permission of the Authors

University Staff: Request a correction | Enlighten Editors: Update this record